FACT SHEET: What are the AML/CTF Governance Obligations?

This Fact Sheet has been prepared based on the future requirements of the AML/CTF for Tranche 2 entities that will commence 1 July 2026. 

As a reporting entity, you must identify the following roles within your governance structure:

• Governing Body
• Senior Manager(s), and
• AML/CTF Compliance Officer

If you are a small business, your senior manager(s) does not have to be independent from your governing body or AML/CTF compliance officer.  In fact, particularly if you are a sole trader or single employee business, several or all of the above roles can be fulfilled by the same individual.  The focus is on ensuring all responsibilities are allocated appropriately and completed.

What is a Governing Body for AML/CTF purposes?

The governing body of your reporting entity will be:

• you, if you are a sole trader / sole practitioner, or
• the individual, or group of individuals who have primary responsibility for the governance and executive decisions of your reporting entity (for example, your Board).

The responsibilities of your governing body are:

1. Oversight of:

• • the identification and assessment of risk for your ML/TF risk assessment, and
  • compliance with your reporting entity’s AML/CTF policies and all relevant obligations under the AML/CTF regime

2. Take reasonable steps to ensure your reporting entity is:
   • appropriately identifying, assessing, managing and mitigating the risks of ML, TF and PF your business may face when providing its designated services, and

• • complying with its AML/CTF policies and all relevant obligations under the AML/CTF regime

It’s essential that your governing body is:

• sufficiently informed of the risks of ML/TF/PF that your business may reasonably face when providing designated services, and
• notified in writing of any updates to your business’s ML/TF risk assessment as soon as practicable after the update has been made.

Who is a Senior Manager for AML/CTF purposes?

The senior manager(s) of your business will be an individual who makes, or participates in making, decisions that affect the whole, or a substantial part of, the business.

Depending on the nature, scale and complexity of your business, you can appoint one or more senior managers.

Your senior manager(s) may, but does not need to, be a member of your executive team such as a Partner or CEO.

Your senior manager(s) will be responsible for approving and updating your AML/CTF program, including your:

• ML/TF risk assessment, and
• AML/CTF policies.

In addition, your senior manager(s) are required to approve, or be informed of, certain business relationships or transactions with customers or service providers.

Importantly, your nominated senior manager(s) must be documented in your AML/CTF policies.

Remember your governing body must be notified in writing of any updates to your business’s ML/TF risk assessment as soon as practicable after the update has been made.

Who is an AML/CTF Compliance Officer?

A reporting entity must designate an individual to be the AML/CTF compliance officer.

This person must:

• be a resident of Australia (if you provide designated services through a permanent establishment in Australia)
• be a fit and proper person
• be employed or otherwise engaged by your business (reporting entity) at management level, and
• have sufficient authority, independence and access to resources and information to ensure they can perform their designated functions as an AML/CTF compliance officer.

The AML/CTF Rules provide additional requirements for determining if an individual is a fit and proper person, including, but not limited to:

• whether the individual possesses the competence, character, diligence, honesty, integrity and judgement to properly perform the duties of the AML/CTF compliance officer for the reporting entity
• whether the individual is an undischarged bankrupt under the law of Australia or a foreign country, and
• whether the individual has a conflict of interest that will create a material risk that the individual will fail to properly perform the duties of the AML/CTF compliance officer for the reporting entity.

The responsibilities of your AML/CTF compliance officer include:

• to oversee and coordinate your business’s day-to-day compliance with the AML/CTF Act, regulations and the AML/CTF Rules
• to oversee, ensure effective operation and compliance with your AML/CTF policies, and
• communicate, on behalf of the business, with AUSTRAC.

This also includes anything that may be incidental or that supports the effective operations of these responsibilities.

Once implemented, is there anything more I need to do?

As with any third-party arrangement, you should put in place processes to monitor:

• the performance of the external service provider against the agreed SLAs
• that the arrangement continues to comply with your AML/CTF obligations, and with the relevant procedure in your AML/CTF Program, and
• any changes to your relevant AML/CTF obligations or business, that may need to be reflected in the nature of the service provided, the terms of the outsourcing agreement or may require the appointment of a new external service provider.

Need more information?

Check out the following resources:

• AML/CTF Reforms
• Fact Sheet: What is an AML/CTF Program?
• Fact Sheet: Can you outsource your AML/CTF Obligations?
• AML/CTF Glossary

Sign up to our AML/CTF updates & receive a free ‘Getting Ready’ Workbook: